yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-09 17:45:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
4595 commits 88 branches 205 tags 69 MiB
Commit graph

109 commits

Author SHA1 Message Date
Gilles Peskine 283a80d51f Merge remote-tracking branch 'upstream-public/pr/1108' into mbedtls-2.1 2017-11-28 18:31:28 +01:00
Hanno Becker 0d0422cbd0 Unify naming schemes for RSA keys 2017-10-06 14:09:58 +01:00
Hanno Becker 82027c1cd9 Don't use all_final as a target in tests/data_files/Makefile 
The `neat` target in that Makefile assumes all_final to be a concatenation of
file names.
 2017-10-06 14:05:13 +01:00
Hanno Becker 734b6d4527 Add suffix for 1024-bit RSA key files 
Previously, 2048-bit and 4096-bit RSA key files had their bitsize indicated in their filename, while the original
1024-bit keys hadn't. This commit unifies the naming scheme by always indicating the bitsize in the filename.
 2017-10-06 14:05:04 +01:00
Hanno Becker f5b1ea3707 Correct Makefile in tests/data_files 
The documentation of the target `all_final` was no longer accurate, and numerous non-file targets were missing in the
.PHONY section.
 2017-10-06 14:04:54 +01:00
Hanno Becker dca50813e9 Update keyfiles 
This commit replaces the previous keyfiles with those generated by the commands added in the previous commit.
 2017-10-06 14:04:02 +01:00
Hanno Becker 9c22f5904a Add RSA key generation commands to test Makefile 
This commit adds the commands used to generate the various RSA keys to tests/Makefile so that they can be easily
regenerated or modified, e.g. if larger key sizes or other encryption algorithms need to be tested in the future.
 2017-10-06 14:03:53 +01:00
Hanno Becker 0642ed4e45 Add tests for encrypted 2048 and 4096-bit RSA keys 2017-10-06 14:03:24 +01:00
Hanno Becker 7de3ff36df Minor style and typo corrections 2017-10-04 14:51:32 +01:00
Hanno Becker 2b6c3f655a Extend tests/data_files/Makefile to include CRT's for CRT write test 2017-10-04 14:36:38 +01:00
Hanno Becker e3af3afd5a Omit version from X.509 v1 certificates 
The version field in an X.509 certificate is optional and defaults to v1, so it
may be omitted in this case.
 2017-10-04 14:34:02 +01:00
Hanno Becker eeb1350073 Fix typo 2017-07-28 12:20:48 +01:00
Hanno Becker 323a2227ee Improve Readme for long test certificate chains 2017-07-28 12:20:48 +01:00
Janos Follath 4721831ffb Fix typos 2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard 71103cbcbb Make test script more portable 
seq isn't POSIX and isn't present by default on BSDs
 2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard 4770dbc913 Add test for limit on intermediate certificates 
Inspired by test code provided by Nicholas Wilson in PR #351.

The test will fail if someone sets MAX_INTERMEDIATE_CA to a value larger than
18 (default is 8), which is hopefully unlikely and can easily be fixed by
running long.sh again with a larger value if it ever happens.

Current behaviour is suboptimal as flags are not set, but currently the goal
is only to document/test existing behaviour.
 2017-07-28 12:19:49 +01:00
Gilles Peskine 9bb4f2835c Document test data makefile 2017-06-06 19:08:23 +02:00
Gilles Peskine ae76599686 Test that SHA-1 defaults off 
Added tests to validate that certificates signed using SHA-1 are
rejected by default, but accepted if SHA-1 is explicitly enabled.
 2017-06-06 19:08:23 +02:00
Gilles Peskine 83ed596d62 Added SHA256 test certificates 
With SHA-1 deprecation, we need a few certificates using algorithms in
the default support list. Most tests still use SHA-1 though.

The generation process for the new certificates is recorded in the makefile.
 2017-06-06 19:08:23 +02:00
Simon Butcher d352e6dfcc Merge branch 'mbedtls-2.1-iotssl-1071-ca-flags' 
Fixes a regression introduced by an earlier commit that modified
x509_crt_verify_top() to ensure that valid certificates that are after past or
future valid in the chain are processed. However the change introduced a change
in behaviour that caused the verification flags MBEDTLS_X509_BADCERT_EXPIRED and
MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in the
verification regardless of the cause.

The fix maintains both behaviours:

 * Ensure that valid certificates after future and past are verified
 * Ensure that the correct verification flags are set.
 2017-02-27 20:24:55 +00:00
Andres AG 3da3b6eccb Add tests for out flags from x509_crt_verify_top() 
The tests load certificate chains from files. The CA chains contain a
past or future certificate and an invalid certificate. The test then
checks that the flags set are MBEDTLS_X509_BADCERT_EXPIRED or
MBEDTLS_X509_BADCERT_FUTURE.
 2017-01-20 16:38:25 +00:00
Andres AG 978bdf9575 Add test for infinite loop in CRL parse 2017-01-19 17:13:36 +00:00
Janos Follath e223527da0 X509: Future CA among trusted: add more tests 2016-07-14 12:02:56 +01:00
Janos Follath 38921c8837 X509: Future CA among trusted: add unit tests 2016-07-14 12:02:50 +01:00
Janos Follath 365b226a56 x509: trailing bytes in DER: add integration tests 2016-03-15 23:49:46 +00:00
Manuel Pégourié-Gonnard 3cb2074a82 Add test case for root with max_pathlen=0 
This was already working but not tested so far

(Test case from previous commit still failing.)

Test certificates generated with:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key

programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    selfsign=1 max_pathlen=0
programs/x509/cert_write serial=92 output_file=cert92.crt \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK"

mv cert9?.crt tests/data_files/dir4
rm cert9?.key
 2015-11-19 11:25:30 +01:00
Manuel Pégourié-Gonnard 922cd9ba36 Add test case for first intermediate max_pathlen=0 
!!! This test case is currently failing !!!
(See fix in next-next commit.)

Test certificates generated with the following script:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key

programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
    max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
    issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
    subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"

mv cert8?.crt tests/data_files/dir4
rm cert8?.key
 2015-11-19 11:25:27 +01:00
Jonathan Leroy e03fa7c16a Test certificate "Server1 SHA1, key_usage" reissued. 2015-11-02 05:58:58 +09:00
Janos Follath 36f1234d96 Additional corner cases for testing pathlen constrains. Just in case. 2015-11-02 05:55:15 +09:00
Janos Follath c7bea3158a Added test case for pathlen constrains in intermediate certificates 2015-11-02 05:55:02 +09:00
Manuel Pégourié-Gonnard 560fea3767 Add tests for verify callback 
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.
 2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard 052d10c9d5 Accept a trailing space at end of PEM lines 
With certs being copy-pasted from webmails and all, this will probably become
more and more common.

closes #226
 2015-07-31 11:11:26 +02:00
Manuel Pégourié-Gonnard 9a702255f4 Add parsing/printing for new X.509 keyUsage flags 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 6ea831dcf4 Add tests for mbedtls_set_hs_ca_chain() 2015-06-22 17:30:18 +02:00
Manuel Pégourié-Gonnard 7a010aabde Add tests for dhm_min_bitlen 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard 5119df2022 Add test case for dh params with privateValueLength 2015-04-15 13:50:29 +02:00
Manuel Pégourié-Gonnard e6c8366b46 Fix bug in pk_parse_key() 2015-04-15 11:21:24 +02:00
Paul Bakker 6152b0267c Fixed typos 2015-04-14 15:00:09 +02:00
Manuel Pégourié-Gonnard 39ead3ef2f Add test certificate for bitstring in DN 2015-03-27 13:11:33 +01:00
Manuel Pégourié-Gonnard 57a5d60abb Add tests for concatenated CRLs 2014-11-19 16:08:34 +01:00
Manuel Pégourié-Gonnard 4be3449dbc Add Readme about X.509 test files 2014-11-19 14:03:59 +01:00
Manuel Pégourié-Gonnard 9c911da68f Add tests for X.509 name encoding mismatch 2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard 64938c63f0 Accept spaces at end of line/buffer in base64 2014-10-15 23:53:33 +02:00
Manuel Pégourié-Gonnard da1b4de0e4 Increase MPI_MAX_BYTES to allow RSA 8192 2014-10-15 22:06:46 +02:00
Paul Bakker 5a5fa92bfe x509_crt_parse() did not increase total_failed on PEM error 
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
 2014-10-03 15:47:13 +02:00
Manuel Pégourié-Gonnard 192253aaa9 Fix buffer size in pk_write_*_pem() 2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard d249b7ab9a Restore ability to trust non-CA selfsigned EE cert 2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard c4eff16516 Restore ability to use v1 CA if trusted locally 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard 5873b00b7f Add pathological RSASSA-PSS test certificates 
Certificates announcing different PSS options than the ones actually used for
the signature. Makes sure the options are correctly passed to the verification
function.
 2014-06-07 11:21:52 +02:00
Manuel Pégourié-Gonnard eacccb7fb9 Add RSASSA-PSS certificate with all defaults 2014-06-05 18:00:08 +02:00